<%@ page language="java" contentType="text/html; charset=GBK"
    pageEncoding="GBK"%>
<jsp:directive.page import="db.DBHander"/>
<%
	String userName = request.getParameter("userName");
	String psw = request.getParameter("psw");
	
	
	String url = "login.jsp";
	
	String role = "user";
	boolean isValidate = false;
	DBHander db1 = new DBHander();
	String sql1 ="select role from users where psw='"+ psw+"' and name='"+userName+"'";
	
	if(userName !=null && psw != null){
		db1.rs = db1.stmt.executeQuery(sql1);
		if(db1.rs.next()){
			role = db1.rs.getString(1);			
			isValidate = true;
		}	
	}
	db1.releaseAll();
	
	if(isValidate){
		session.setAttribute("userName",userName);
		//session.setAttribute("psw",psw);
		session.setAttribute("role",role);	
		if(role.compareTo("admin")	==0){
			response.sendRedirect("newsAdmin.jsp");
		}else{
			response.sendRedirect("order.jsp");
		}
	}else{
		response.sendRedirect("login.jsp");
	}
	
	//System.out.println("<br>"+session.getAttribute("userName"));
	//System.out.println("<br>"+session.getAttribute("role"));
	//System.out.println("<br>"+sql1);
%>